Methods and systems for content availability based on location

ABSTRACT

Access to protected content is based on a client device being within a region. The region may be a mobile or movable region, and/or a region that is in motion. In some embodiments, the region may be determined based on a distance from a position within the region, or based on a boundary about the position that need not be symmetrical. In some embodiments, the region is a three dimensional region. In some embodiments, being within the region is further based on the region being above a defined altitude. In further embodiments, a determination for access is based on whether the client device is detected to be in motion relative to the region.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.13/777,290 filed Feb. 26, 2013, which is incorporated herein byreference.

TECHNICAL FIELD

The present embodiments relate generally to protected content and, moreparticularly, but not exclusively, to managing access to content basedon a location of the content (and/or client device having the content)with respect to a defined region, and further selectively based on theregion being mobile, movable, or in motion.

BACKGROUND

In today's society, people have become increasingly mobile. In response,today's computing devices have also become more mobile, providing userswith a greater opportunity to access content virtually anywhere and/oranytime. However, while there is a desire by many to have increasedaccess to content, content providers may, for a variety of reasons,prefer to restrict access. Such restrictions may be for securityreasons, costs reasons, as well as other reasons. Therefore, there is adesire to be able to balance the desire for increased access whilemaintaining selected restrictions to the content. Thus, it is withrespect to these considerations and others that the present inventionhas been made.

BRIEF DESCRIPTION OF THE DRAWINGS

Non-limiting and non-exhaustive embodiments are described with referenceto the following drawings. In the drawings, like reference numeralsrefer to like parts throughout the various figures unless otherwisespecified.

For a better understanding of the present embodiments, reference will bemade to the following Detailed Description, which is to be read inassociation with the accompanying drawings, in which:

FIG. 1-A illustrates a system diagram of one embodiment of anenvironment in which the subject innovations may be practiced;

FIG. 1-B illustrates a system diagram of another embodiment of anenvironment in which the subject innovations may be practiced;

FIG. 2 illustrates one possible embodiment of a client device usablewithin the environment of FIGS. 1A and 1B;

FIG. 3 illustrates one possible embodiment of a network device usable bya content provider within the environment of FIGS. 1A and 1B;

FIG. 4 illustrates a flow chart of one embodiment of a process usable tomanage selective access to content that is protected based on arelationship of the content to a mobile region; and

FIG. 5 illustrates a flow chart of one embodiment of a process usable tomanage selective access to content that is protected based on arelationship of the content to a region and further based on a motion ofthe content relative to the region.

DETAILED DESCRIPTION

The present embodiments now will be described more fully hereinafterwith reference to the accompanying drawings, which form a part hereof,and which show, by way of illustration, specific aspects in which theembodiments may be practiced. These embodiments may, however, take manydifferent forms and should not be construed as limited to theembodiments set forth herein; rather, these embodiments are provided sothat this disclosure will be thorough and complete, and will fullyconvey the scope to those skilled in the art. Among other things, thepresent embodiments may include methods or devices. Accordingly, thepresent embodiments may take the form of entirely hardware or acombination of software and hardware aspects. The following detaileddescription is, therefore, not to be taken in a limiting sense.

Throughout the specification and claims, the following terms take themeanings explicitly associated herein, unless the context clearlydictates otherwise. The phrase “in one embodiment” as used herein doesnot necessarily refer to the same embodiment, though it may.Furthermore, the phrase “in another embodiment” as used herein does notnecessarily refer to a different embodiment, although it may. Thus, asdescribed below, various embodiments of the invention may be readilycombined, without departing from the scope or spirit of the invention.

In addition, as used herein, the term “or” is an inclusive “or”operator, and is equivalent to the term “and/or,” unless the contextclearly dictates otherwise. The term “based on” is not exclusive andallows for being based on additional factors not described, unless thecontext clearly dictates otherwise. In addition, throughout thespecification, the meaning of “a,” “an,” and “the” include pluralreferences. The meaning of “in” includes “in” and “on.”

As used herein, the term “content” includes any digital data that may becommunicated over a network, or otherwise provided to a client device.Non-exhaustive examples of content include but are not limited tomovies, videos, music, spoken word, pictures, illustrations, graphics,images, text, e-books, spreadsheets, and the like. Content may alsoinclude an application, such as a game, a script, or the like. In oneembodiment, the content may be protected through a license thatdescribes how, where, when, by whom, or so forth, content that isprotected may be accessed, distributed, copied, or the like. Forexample, the content can be protected from being accessible or otherwiseplayable when the content is determined to be outside of a definedthree-dimensional region and selectively when detected to be in motionrelative to a defined position. In one embodiment, the content isprotected using encryption.

As used herein, encryption refers to the process of transforming digitalcontent (referred to as plaintext) using an algorithm (called a cipher)to make it unreadable to anyone except those possessing specialknowledge, usually referred to as a key. Decryption is the process ofconverting encrypted digital content back into its original form. Asused herein, “unencrypted” digital content refers to digital contentreceived in plaintext—or that is otherwise not encrypted, and thereforedoes not need to be decrypted. Unencrypted content as used herein thenis also referred to as unlocked content. Encrypted content then islocked content that is not accessible for play or other access.

Encryption can use symmetric key encryption, or asymmetric keyencryption, or even a combination of symmetric and asymmetric keyencryption. Asymmetric key encryption is sometimes known aspublic/private key encryption. In some embodiments, the private key isuniquely associated with a user, content, application, or othercomponent, such that attempts to access the private key improperly couldresult in disabling subsequent access to the private key.

It should be understood plaintext digital content, may be received, inat least one embodiment, in a compressed form, or encoded form, andstill be considered as plaintext for the purposes described herein.Moreover, as discussed further below, digital content may includeportions that are encrypted, and other portions that are unencryptedwithin a same stream or larger context of digital content. Further,different encrypted portions of the digital content may be encryptedusing different encryption keys, and/or employ different licenses. Inone embodiment, keys useable for decrypting the differently encrypteddigital content may be rotated, reused, or renegotiated.

The following briefly provides a simplified summary of the subjectinnovations in order to provide a basic understanding of some aspects.This brief description is not intended as an extensive overview. It isnot intended to identify key or critical elements, or to delineate orotherwise narrow the scope. Its purpose is merely to present someconcepts in a simplified form as a prelude to the more detaileddescription that is presented later.

Briefly stated, subject innovations are directed towards managing accessto content based on a location of the content with respect to a definedregion and may further include selectively determining access based onwhether the content is detected to be in motion relative to a definedposition. Thus, the content may be locked unless it is determined to bewithin one or more defined regions. Within a defined range or region,the content may be unlocked such that a user may access and/or otherwiseinteract with the content. When the content is moved outside of thedefined region, the content is forced closed and locked. In someembodiments, use of the content might be automatically terminated, ifcurrently being accessed, and subsequently locked. To open or unlock andaccess the content again, would then involve at least moving the contentback within the region.

In some embodiments, the region is defined as being within adeterminable distance from a defined position. However, the region orregions need not be symmetric, and may include irregularly shapedregions about the defined position as well. The regions may be definedin one-dimension (e.g., a distance from a particular point) or intwo-dimensions (e.g., with a two-dimensional boundary) or inthree-dimensions (e.g., with a three-dimensional boundary). In someembodiments, the region includes an elevation as measured from a pointon the earth, or from some other reference point. For example, contentmay be locked except for use within a specified floor in a building. Inmodern city environments, many businesses could occupy a sametwo-dimensional (2D) geographic region, but be identified by a buildingfloor that they occupy. Thus, subject invocations address this issue byincluding elevation in the region definitions such that content may thenbe locked/unlocked based on the content's physical relationship to theregion.

In some embodiments the region is a region that is mobile or movable.That is, the region may be associated with or otherwise defined to moverelative to a position on the earth. Examples of such mobile or movableregions include, but are not limited to regions associated with a car orbus (or other motor vehicle), a boat, a train, a plane, or the like. Aregion that is in motion then would represent a moving vehicle, movingboat, moving train, moving bus, or the like. The content may then bemade accessible to a client device that is within the region that is inmotion, and locked or otherwise inaccessible otherwise. It will beunderstood that in at least some embodiments, the mobile or movableregion is not necessarily constantly in motion, but may be at restduring certain time periods (e.g., at a bus stop, train station, orairport.) The movable or mobile region can be defined one-dimension(e.g., a distance from a particular point like the vehicle, train,plane, or the like) or in two-dimensions (e.g., with a two-dimensionalboundary) or in three-dimensions (e.g., with a three-dimensionalboundary).

In some embodiments, the content can also be locked except for aninterlocking chain of regions so that content is locked except along adefined route, such as might be traveled by a commercial vehicle like abus, train, or the like. In other embodiments, the content can besecured within a region that moves. For example, the content might beuseable when the content is detected within a bus, train, or othervehicle, even when that vehicle takes (is moving through) a differentroute. Further, the content may be locked based on elevation, as well asmotion. Thus, for example, a user might purchase, or otherwise request,the content prior to boarding a plane. The content might remain lockeduntil the plane exceeds a particular elevation during flight. Further,when the plane again descends below the particular elevation, or adifferently defined elevation, the content may again be locked fromaccess. In this way, airlines may provide content, while maintaining alevel of safety.

Similarly, motion may be used to selectively lock and/or unlock contentbased further on the type of content. For example, when it is determinedthat the content includes video or other graphics, and the client devicehaving the content is determined to be moving relative to some definedposition, then the content may be locked from access. In this way, auser might be obliged to look away from their client device, say whenthey are walking around in a building. By locking the content in thismanner, the user is less likely to be distracted. When the content isdetermined to be audio content absent graphics, then the content mightbe allowed to be unlocked.

However, in other situations, when the user is moving and it isdetermined that the defined position is also in motion, then the contentmay be unlocked. This situation might arise when the user is a passengeron a commercial vehicle. The content may be locked when the vehicle isstopped and unlocked when the vehicle is moving (and the content iswithin the region). In some embodiments, the content might be allowed toremain unlocked when both the vehicle and the client device has stoppedmoving. In this manner, the user may continue to access the content evenwhile the vehicle stops such as at stations, stop lights, or the like.When the user then leaves the vehicle, and therefore the region, thecontent automatically terminates or otherwise is locked against access.In this manner, a train company, airline, or other transportationprovider, may provide content free, or at a reduced fee, to a passengerwith expectations that the content would increase the likelihood thattheir passengers would come back.

FIG. 1-A shows components of one embodiment of an environment in whichthe invention may be practiced. Not all the components may be requiredto practice the invention, and variations in the arrangement and type ofthe components may be made without departing from the spirit or scope ofthe invention. As shown, system 100-1 of FIG. 1-A includes network 107,client devices 102-105, and Access Device 110. In one embodiment, AccessDevice 110 may also be a defined position for reference. Also shown isregion 120.

Region 120 may be any region that is defined in two-dimensional orthree-dimensional space. As such, region 120 may be uniquely defined,for example, to describe a floor layout of a building, dimensions ofvehicle, or any of a variety of other regions. For example, a region 120might be defined around a landmark, a street corner, a park, a store, orthe like. Region 120 may be defined using any of a variety of coordinatesystems, including, for example, latitude, longitudes, and attitudes.However, region 120 may also be defined based on a radial distance froma defined position. In some embodiments, region 120 may reflect aphysical constraint, such as might arise from a building. However,region 120 need not be so constrained, and may instead be an artificialperimeter about any point or points taken in space.

Region 120 may be defined in a file, document, spreadsheet, or othermechanism that is stored within a computing device, such as accessdevice 110. However, the definition of region 120 may also be stored, orotherwise accessible from any of a variety of other sources. In someembodiments, a definition of the region and/or other regions ofconstraint, as well as motion constraints, as appropriate, may beprovided along with the protected content, and component, to a clientdevice.

One embodiment of client devices 102-105 is described in more detailbelow in conjunction with FIG. 2. In one embodiment, at least some ofclient devices 102-105 may operate over a wired and/or a wirelessnetwork such as network 107. As shown, client devices 102-105 mayinclude virtually any computing device capable of communicating over anetwork to send and receive information, including instant messages,performing various online activities, or the like. The set of suchdevices may include devices that typically connect using a wired orwireless communications medium such as personal computers,multiprocessor systems, microprocessor-based or programmable consumerelectronics, network PCs, or the like. Also, client devices 102-105 mayinclude virtually any device usable as a video display device, such as atelevision, display monitor, display screen, projected screen, and thelike. Additionally, client device 106 may include any kind of consumerelectronic device, e.g., a Blu-ray player, DVD player, CD player,portable music playing device, portable display projector, and the like.Moreover, client devices 102-105 may provide access to various computingapplications, including a browser, or other web-based application.

Generally, however, client devices 102-105 may include virtually anyportable computing device capable of receiving and sending messages overa network, accessing and/or playing content, such as network 107, or thelike. Further, client devices 102-105 may include virtually any portablecomputing device capable of connecting to another computing device andreceiving information such as, laptop computer, smart phone, and tabletcomputers, and the like. However, portable computer devices are not solimited and may also include other portable devices such as cellulartelephones, display pagers, radio frequency (“RF”) devices, infrared(“IR”) devices, Personal Digital Assistants (“PDAs”), handheldcomputers, wearable computers, integrated devices combining one or moreof the preceding devices, and the like. As such, client devices 102-105typically range widely in terms of capabilities and features.

A web-enabled client device may include a browser application that isconfigured to receive and to send web pages, web-based messages, and thelike. The browser application may be configured to receive and displaygraphics, text, multimedia, media content, and the like, employingvirtually any Internet based and/or network-based protocol, includingbut not limited to a wireless application protocol messages (“WAP”),Hypertext Transfer Protocol (“HTTP”), or the like. In one embodiment,the browser application is enabled to employ Handheld Device MarkupLanguage (“HDML”), Wireless Markup Language (“WML”), WMLScript,JavaScript, or other scripting language, Standard Generalized MarkupLanguage (“SGML”), HyperText Markup Language (“HTML”), eXtensible MarkupLanguage (“XML”), and the like, to display and send a message. In oneembodiment, a user of a client device may employ the browser applicationto perform various activities over a network (online) However, anotherapplication may also be used to perform various online activities.

As described further below, the browser application may enable a user toaccess content, over a network (e.g., network 107), such as might beprovided through Access Device 110. In some embodiments, Access Device110 may include within a webpage accessed by client device 102-105, oneor more scripts, links, and/or other instructions that enable the clientdevice to download for installation one or more components, definitionsof regions, and/or other access constraints, along with the protectedcontent from Access Device 110.

Client devices 102-105 also may include at least one other clientapplication that is configured to receive and/or send content betweenanother computing device. The client application may include acapability to send and/or receive content, or the like. The clientapplication may further provide information that identifies itself,including a type, capability, name, and the like. In one embodiment,client devices 102-105 can identify themselves as part of a class ofdevices. In another embodiment, client devices 102-105 can uniquelyidentify themselves through any of a variety of mechanisms, including aphone number, Mobile Identification Number (“MIN”), an electronic serialnumber (“ESN”), Internet Protocol (IP) Address, network address, orother mobile device identifier. The information may also indicate acontent format that the mobile device is enabled to employ. Suchinformation may be provided in a network packet, or the like, sentbetween other client devices, Access Device 110, or other computingdevices. Moreover, it should be readily understood that devices and/orcomponents within a device that is communicating with a client devicemay also identify themselves using any of a variety of mechanisms,including those used by the client device.

In at least some embodiments, the client devices of FIG. 1-A, or contenton the client devices, can be labeled as “locked,” “unlocked,” or“selectively locked” to illustrate various instances of the protectedcontent with respect to region 120. Client device 102 is shown to bewithin region 120, and therefore, the content is unlocked andaccessible. Both client devices 104-105 are outside of region 120, andtherefore their respective protected content is locked. Client device103 is illustrated as being in motion relative to Access Device 110'sdefined position. As discussed elsewhere, based on being within region120, and further based on the type of content being protected, thecontent may be selectively locked or unlocked.

Network 107 is configured to couple client devices 102-105 and theircomponents with Access Device 110. Network 107 may include any of avariety of wireless sub-networks that may further overlay stand-alonead-hoc networks, and the like, to provide an infrastructure-orientedconnection for client devices 102-105. Such sub-networks may includemesh networks, Wireless LAN (“WLAN”) networks, cellular networks, andthe like. In one embodiment, the system may include more than onewireless network.

Network 107 may further include an autonomous system of terminals,gateways, routers, and the like connected by wireless radio links, andthe like. These connectors may be configured to move freely and randomlyand organize themselves arbitrarily, such that the topology of network107 may change rapidly.

Network 107 may further employ a plurality of access technologiesincluding 2nd (2G), 3rd (3G), 4th (4G), or future generation radioaccess for cellular systems, WLAN, Wireless Router (“WR”) mesh, and thelike. Access technologies such as 2G, 3G, 4G and future access networksmay enable wide area coverage for mobile devices, such as client devices102-105 with various degrees of mobility. In one non-limiting example,network 107 may enable a radio connection through a radio network accesssuch as Global System for Mobil communication (“GSM”), General PacketRadio Services (“GPRS”), Enhanced Data GSM Environment (“EDGE”),Wideband Code Division Multiple Access (“WCDMA”), and the like. Inessence, network 107 may include virtually any wireless communicationmechanism by which information may travel between client devices 102-105and another computing device, network, and the like.

Also, network 107 can include the Internet in addition to LANs, WANs,direct connections, such as through a universal serial bus (“USB”) port,other forms of network mechanism, or any combination thereof. On aninterconnected set of LANs, including those based on differingarchitectures and protocols, a router acts as a link between LANs,enabling messages to be sent from one to another. In addition,communication links within LANs typically include twisted wire pair orcoaxial cable, while communication links between networks may utilizeanalog telephone lines, full or fractional dedicated digital linesincluding T1, T2, T3, and T4, and/or other carrier mechanisms including,for example, E-carriers, Integrated Services Digital Networks (“ISDNs”),Digital Subscriber Lines (“DSLs”), wireless links including satellitelinks, or other communications links known to those skilled in the art.Moreover, communication links may further employ any of a variety ofdigital signaling technologies, including without limit, for example,DS-0, DS-1, DS-2, DS-3, DS-4, OC-3, OC-12, OC-48, or the like.Furthermore, remote computers and other related electronic devices couldbe remotely connected to either LANs or WANs via a modem and temporarytelephone link. In one embodiment, network 107 may be configured totransport information using an Internet Protocol (“IP”). In essence,network 107 includes any communication method by which information maytravel between computing devices.

Additionally, network mechanisms by way of example, network mechanismsinclude wired media such as twisted pair, coaxial cable, fiber optics,wave guides, and other wired media and wireless media such as acoustic,RF, infrared, and other wireless media.

One embodiment of Access Device 110 is described in more detail below inconjunction with FIG. 3. Briefly, however, Access Device 110 includesvirtually any network device usable to operate as a content server toconnect to network 107 to provide content to client devices 102-105, andto further manage access to the content based in part on a region withpossible motion. In some embodiments, Access Device 110 may provideprotected content to a client device. The protected content may beprovided along with a component such as an application, script, or thelike. In some embodiments, a definition of one or more regions, alongwith any other access constraints, are also downloaded to the clientdevice. In some embodiments, not only is the content encrypted, but thedefinitions of the regions and other access constraints may also beencrypted. The component can be configured to further manage access tothe content when the client device is outside of a defined region, suchas region 120.

In some embodiments, the component might include a capability to performdecryption on the content by receiving a decryption key from AccessDevice 110. In some embodiments, the decryption key is encrypted using apublic key associated with the component. The private key associatedwith the public key can be, in some embodiments, embedded within thecomponent, such that the private is inaccessible other than through useof the component. In some embodiments, the component might include atamper detection agent that monitors for improper attempts access thekeys or the content. When such attempts are detected, the componentmight then perform any of a variety of security actions, including,destroying the keys, destroying the content, or any of a variety ofother actions.

In some embodiments, the component provided with the content may performactions as described further below in conjunction with FIG. 4 to manageaccess to the content. In some embodiments, the content may be madeaccessible for use with another application, such as a browser, mediaplayer or the like, resident within the client device.

It should be readily recognized that Access Device 110 is configured tooperate on behalf of a content owner, distributor, or similar businessentity. However, while used herein to represent such network devicesuseable to provide content, it is further recognized that other devicesmay also be employed. For example, a content provider may employ onenetwork device to provide content, and a different network device foruse in managing access to that content based at least on a region. Thus,other configurations and variations of devices serving content are alsoenvisaged, and other embodiments are not constrained to a singleconfiguration/arrangement of devices. Moreover, Access Device 110 maycontain a plurality of network devices to provide content, licenses,and/or decryption keys to a client device, such as client devices102-105. Similarly, in another embodiment, Access Device 110 may containa plurality of network devices that operate using a master/slaveapproach, where one of the plurality of network devices of Access Device110 operates to manage and/or otherwise coordinate operations of theother network devices. In other embodiments, the Access Device 110 mayoperate as a plurality of network devices within a cluster architecture,a peer-to-peer architecture, and/or even within a cloud architecture.Thus, the invention is not to be construed as being limited to a singleenvironment, and other configurations, and architectures are alsoenvisaged.

As shown in FIG. 1-A, Access Device 110 is illustrated to be withinregion 120. However, other embodiments are not so limited. For example,Access Device 110 might reside outside of region 120, while anotherdefined position remains within region 120. In this manner, AccessDevice 110 might be configured to provide access management over aplurality of different regions.

Devices that may operate as Access Device 110 include various networkdevices, including, but not limited to personal computers, desktopcomputers, multiprocessor systems, microprocessor-based or programmableconsumer electronics, network PCs, server devices, network appliances,and the like.

FIG. 1-B shows components of another embodiment of an environment inwhich the invention may be practiced. Not all the components may berequired to practice the invention, and variations in the arrangementand type of the components may be made without departing from the spiritor scope of the invention. As shown, system 100-2 of FIG. 1-B includesnetwork 107-2, client device 102, and Access Device 110. In oneembodiment, Access Device 110 may also be a defined position forreference. However, as illustrated, a defined position 190 may beestablished that is other than Access Device 110. Also shown is region160, which may represent an internal perimeter of an aircraft, or otherstructure. As illustrated, region 160 is above a reference point 199 bysome elevation, and is shown to be in motion.

Client device 102, Access Device 110, and network 107-2 are similar tothose components described above in conjunction with FIG. 1-A. Further,as illustrated in FIG. 1-B, the protected content on client device 102is unlocked. As discussed herein, this state of the content may be basedon the content being within the defined region 160 including being abovea defined elevation.

FIG. 2 shows one embodiment of client device 200 that may be included ina system implementing the invention. Client device 200 may represent anyof a variety of platforms useable to perform actions as disclosedwithin. Client device 200 may include many more or less components thanthose shown in FIG. 2. However, the components shown are sufficient todisclose an illustrative embodiment for practicing the presentinvention. Client device 200 may represent, for example, one embodimentof at least one of client devices 102-105 of FIG. 1-A.

As shown in the figure, client device 200 includes a central processingunit (“CPU”) 202 in communication with a mass memory 226 via a bus 234.Client device 200 also includes a power supply 228, one or more networkinterfaces 236, an audio interface 238, a display 240, a keypad 242, anilluminator 244, a video interface 246, an input/output interface 248, ahaptic interface 250, and a global positioning systems (“GPS”) receiver232.

Power supply 228 provides power to client device 200. A rechargeable ornon-rechargeable battery may be used to provide power. The power mayalso be provided by an external power source, such as an alternatingcurrent (“AC”) adapter or a powered docking cradle that supplementsand/or recharges a battery.

Client device 200 may optionally communicate with a base station (notshown), or directly with another computing device. Network interface 236includes circuitry for coupling client device 200 to one or morenetworks, and is constructed for use with one or more communicationprotocols and technologies including, but not limited to, GSM, codedivision multiple access (“CDMA”), time division multiple access(“TDMA”), user datagram protocol (“UDP”), transmission controlprotocol/Internet protocol (“TCP/IP”), Short Message Service (“SMS”),GPRS, WAP, ultra wide band (“UWB”), Institute of Electrical andElectronics Engineers (“IEEE”) 802.16 Worldwide Interoperability forMicrowave Access (“WiMax”), session initiated protocol/real-timetransport protocol (“SIP/RTP”), or any of a variety of other wiredand/or wireless communication protocols. Network interface 236 issometimes known as a transceiver, transceiving device, or networkinterface card (“NIC”).

Audio interface 238 is arranged to produce and receive audio signalssuch as the sound of a human voice. For example, audio interface 238 maybe coupled to a speaker and microphone (not shown) to enabletelecommunication with others and/or generate an audio acknowledgementfor some action.

Display 240 may be an LCD, gas plasma, light emitting diode (“LED”), orany other type of display used with a computing device. Display 240 mayalso include a touch sensitive screen arranged to receive input from anobject such as a stylus or a digit from a human hand.

Moreover, display 240 may be configured to employ any of a variety ofnetwork connection types, including, but not limited to High-BandwidthDigital Content Protection (HDCP) connection types, Display Port (DP),Digital Visual Interface (DVI), and High-Definition Multimedia Interface(HDMI), as well as Gigabit Video Interface (GVIF), Standard-definition(SD), Unified Display Interface (UDI), or Intel Wireless Display (WiDi).At least some of these network connection types provide a form ofdigital copy protection. A detection of whether display 240 is connectedthrough one of these, or other types, of network connection types may bedetermined using a variety of techniques, including signaturetransmissions, protocol handshakes, authentication procedures, or thelike.

Keypad 242 may comprise any input device arranged to receive input froma user. For example, keypad 242 may include a push button numeric dial,or a keyboard. Keypad 242 may also include command buttons that areassociated with selecting and sending images.

Illuminator 244 may provide a status indication and/or provide light.Illuminator 244 may remain active for specific periods of time or inresponse to events. For example, when illuminator 244 is active, it maybacklight the buttons on keypad 242 and stay on while the client deviceis powered. Also, illuminator 244 may backlight these buttons in variouspatterns when particular actions are performed, such as dialing anotherclient device. Illuminator 244 may also cause light sources positionedwithin a transparent or translucent case of the client device toilluminate in response to actions.

Video interface 246 is arranged to capture video images, such as a stillphoto, a video segment, an infrared video, or the like. For example,video interface 246 may be coupled to a digital video camera, aweb-camera, or the like. Video interface 246 may comprise a lens, animage sensor, and other electronics. Image sensors may include acomplementary metal-oxide-semiconductor (“CMOS”) integrated circuit,charge-coupled device (“CCD”), or any other integrated circuit forsensing light.

Client device 200 also comprises input/output interface 248 forcommunicating with external devices, such as a headset, or other inputor output devices not shown in FIG. 2. Input/output interface 248 canutilize one or more communication technologies, such as USB, infrared,Bluetooth™, or the like. Haptic interface 250 is arranged to providetactile feedback to a user of the client device. For example, the hapticinterface 250 may be employed to vibrate client device 200 in aparticular way when another user of a computing device is calling.

GPS transceiver 232 can determine the physical coordinates of clientdevice 200 on the surface of the Earth. GPS transceiver 232, in someembodiments, may be optional. GPS transceiver 232 typically outputs alocation as latitude and longitude values. However, GPS transceiver 232can also employ other geo-positioning mechanisms, including, but notlimited to, triangulation, assisted GPS (“AGPS”), Enhanced Observed TimeDifference (“E-OTD”), Cell Identifier (“CI”), Service Area Identifier(“SAI”), Enhanced Timing Advance (“ETA”), Base Station Subsystem(“BSS”), or the like, to further determine the physical location ofclient device 200 on the surface of the Earth. It is understood thatunder different conditions, GPS transceiver 232 can determine a physicallocation within millimeters for client device 200; and in other cases,the determined physical location may be less precise, such as within ameter or significantly greater distances. In one embodiment, however,mobile device 200 may through other components, provide otherinformation that may be employed to determine a physical location of thedevice, including for example, a Media Access Control (“MAC”) address,IP address. In some embodiments, information from GPS transceiver 232may be used to indicate whether client device 200 is moving. This may beachieved, for example, based on determining a change of locations overtime. However, other sensors within client device 200 might also beuseable to indicate whether client device 200 is moving, including,accelerometers, gyroscopes, or the like.

Mass memory 226 includes a Random Access Memory (“RAM”) 204, a Read-onlyMemory (“ROM”) 222, and other storage means. Mass memory 226 illustratesan example of computer readable storage media (devices) for storage ofinformation such as computer readable instructions, data structures,program modules or other data. Mass memory 226 stores a basicinput/output system (“BIOS”) 224 for controlling low-level operation ofclient device 200. The mass memory also stores an operating system 206for controlling the operation of client device 200. It will beappreciated that this component may include a general-purpose operatingsystem such as a version of UNIX, or LINUX™, or a specialized clientcommunication operating system such as Windows Mobile™, or the Symbian®operating system. The operating system may include, or interface with aJava virtual machine module that enables control of hardware componentsand/or operating system operations via Java application programs.However, the operating system may also provide interfaces to any of avariety of other scripting language programs as well, and are thereforenot constrained to Java.

Mass memory 226 further includes one or more data storage 208, which canbe utilized by client device 200 to store, among other things,applications 214, protected content, and/or other data. For example,data storage 208 may also be employed to store information thatdescribes various capabilities of client device 200. The information maythen be provided to another device based on any of a variety of events,including being sent as part of a header during a communication, sentupon request, or the like. Data storage 208 may also be employed tostore information including address books, buddy lists, aliases, userprofile information, or the like. Further, data storage 208 may alsostore messages, web page content, downloaded components, protectedcontent, or any of a variety of other content. At least a portion of theinformation may also be stored on another component of client device200, including, but not limited to a disk drive, non-transitoryprocessor-readable storage device 230 within client device 200, or evenon a physical storage device accessible by client device 200 throughnetwork interfaces 236, or the like.

Applications 214 may include computer executable instructions which,when executed by client device 200, transmit, receive, and/or otherwiseprocess messages (e.g., SMS, Multimedia Message Service (“MMS”), instantmessages (“IM”), email, and/or other messages), audio, video, and enabletelecommunication with another user of another client device. Otherexamples of application programs include calendars, search programs,email clients, IM applications, SMS applications, voice over InternetProtocol (“VOIP”) applications, contact managers, task managers,transcoders, database programs, word processing programs, securityapplications, spreadsheet programs, games, search programs, and soforth. Applications 214 may include, for example, browser 218, mediaplayer 261, and Region Detection Application (RDA) 272.

Browser 218 may include virtually any application configured to receiveand display graphics, text, multimedia, and the like, employingvirtually any web based protocol. In one embodiment, the browserapplication is enabled to employ HDML, WML, WMLScript, JavaScript, otherscripting languages, SGML, HTML, XML, and the like, to display and senda message. However, any of a variety of other web-based programminglanguages may be employed. In one embodiment, browser 218 may enable auser of client device 200 to provide and/or receive content from anothercomputing device, such as Access Device 110 of FIG. 1-A. Althoughbrowser 218 is described herein, it should be noted that there are aplurality of other applications that may operate as a user agentconfigured to request and/or access content over a network. Thus, otheruser agents may also be included within client device 200. Moreover,while a single browser is illustrated, it should be noted that clientdevice 200 may include a plurality of browsers or applications providingfunctionality of a browser application.

As an aside, while client device 200 may receive content over a networksuch as network 107 of FIG. 1-A, content may be obtained through othermechanisms as well, including via a portable storage device, such as aDVD, USB storage device, CD, or the like.

Media player 261 represents any of a variety of software and/or hardwareconfigurations arranged to receive and play various content. As such, inone embodiment, media player 261 may also represent a hardware componentthat might be installed within client device 200 and/or coupledelectrically to client device 200 to enable client device 200 to accessand play content. In one embodiment, media player 261 may receiveprotected content from browser 218, and employ RDA 272 to enable accessand/or play of the received protected content.

While browser 218 and media player 261 are illustrated, it should beunderstood that client device 200 may include a plurality of otherapplications usable to enable client device to play or otherwise accessunlocked content.

RDA 272 represents a component that may be installed within clientdevice 200 to manage selective access to content that is protected atleast based on a relationship to a defined region, and/or a motion ofthe client device. RDA 272 may be configured to access one or moreencryption/decryption keys usable to unlock protected content 273. Inone embodiment, the decryption keys may be provided to RDA 272 fromanother device. In some embodiments, the decryption keys may beconfigured to expire after a defined period of time. In this manner, anew decryption key will be needed to continue to provide access toprotected content 273. In other embodiments, the new decryption keymight be sent to client device 200 by another device based on adetermination that the client device 200 is within a defined region forprotected content 273, and optionally further satisfies a motioncriteria.

In some embodiments, RDA 272 may include a private key associated with apublic key. The decryption keys sent to client device 200 may then beencrypted using the public key. In this manner, access may be furthercontrolled by RDA 272. RDA 272 may employ a process such as describedbelow in conjunction with FIGS. 4-5 to perform at least some of itsactions.

FIG. 3 shows one embodiment of a network device 300, according to atleast one embodiment of the invention. Network device 300 may includemany more or less components than those shown. The components shown,however, are sufficient to disclose an illustrative embodiment forpracticing the subject innovations. Network device 300 may be configuredto operate as a server, a client, a peer, a host, or any other device.Network device 300 may represent, for example Access Device 110 of FIG.1-A.

Network device 300 includes central processing unit 302, computerreadable storage device 328, network interface unit 330, an input/outputinterface 332, hard disk drive 334, video display adapter 336, and amass memory, all in communication with each other via bus 326. The massmemory generally includes RAM 304, ROM 322 and one or more permanent(non-transitory) mass storage devices, such as hard disk drive 334, tapedrive, optical drive, and/or floppy disk drive. The mass memory storesoperating system 306 for controlling the operation of network device300. Any general-purpose operating system may be employed. BIOS 324 isalso provided for controlling the low-level operation of network device300. As illustrated in FIG. 3, network device 300 also can communicatewith the Internet, or some other communications network, via networkinterface unit 330, which is constructed for use with variouscommunication protocols including the TCP/IP protocol. Network interfaceunit 330 is sometimes known as a transceiver, transceiving device, ornetwork interface card (NIC).

Network device 300 also comprises input/output interface 332 forcommunicating with external devices, such as a keyboard, or other inputor output devices not shown in FIG. 3. Input/output interface 332 canutilize one or more communication technologies, such as USB, infrared,Bluetooth™, or the like.

The mass memory as described above illustrates another type ofcomputer-readable media, namely computer-readable storage media and/orprocessor-readable storage media. Computer-readable storage media(devices) may include volatile, nonvolatile, removable, andnon-removable media implemented in any method or technology for storageof information, such as computer readable instructions, data structures,program modules, or other data. Examples of computer readable storagemedia include RAM, ROM, Electrically Erasable Programmable Read-onlyMemory (“EEPROM”), flash memory or other memory technology, Compact DiscRead-only Memory (“CD-ROM”), digital versatile disks (“DVD”) or otheroptical storage, magnetic cassettes, magnetic tape, magnetic diskstorage or other magnetic storage devices, or any other physical mediawhich can be used to store the desired information and which can beaccessed by a computing device.

As shown, data storage 308 may include a database, text, spreadsheet,folder, file, or the like, that may be configured to maintain and storeuser account identifiers, user profiles, email addresses, IM addresses,and/or other network addresses, or the like. Data storage 308 mayfurther include program code, data, algorithms, and the like, for use bya processor, such as central processing unit 302 to execute and performactions. In one embodiment, at least some of data storage 308 might alsobe stored on another component of network device 300, including, but notlimited to non-transitory (processor) computer readable storage device328, hard disk drive 334, or the like.

Data storage 308 may further store protected content 310. Protectedcontent 310 represents any of a variety of content that may be protectedfrom access using based on a relationship to a defined region orregions, and optionally based on motion criteria. Although not shown,data storage 308 may also include storage for encryption/decryptionkeys, downloadable components usable by client devices to manage access,as well as definitions of regions, and/or other access criteria.

The mass memory also stores program code and data. One or moreapplications 314 are loaded into mass memory and run on operating system306. Examples of application programs may include transcoders,schedulers, calendars, database programs, word processing programs,Hypertext Transfer Protocol (“HTTP”) programs, customizable userinterface programs, IPSec applications, encryption programs, securityprograms, SMS message servers, IM message servers, email servers,account managers, and so forth. Web server 318 and Region DetectionManager 320 may also be included as application programs withinapplications 314.

Web server 318 represent any of a variety of services that areconfigured to provide content, including messages, over a network toanother computing device. Thus, web server 318 includes, for example, aweb server, an FTP server, a database server, a content server, or thelike. Web server 318 may provide the content including messages over thenetwork using any of a variety of formats including, but not limited toWAP, HDML, WML, SGML, HTML, XML, Compact HTML (“cHTML”), Extensible HTML(“xHTML”), or the like. Web Server 318 may also be configured to enablea user of a client device, such as client devices 102-105 of FIG. 1, tobrowse content, such as protected content 310, and select content foraccess on the client device. Further, web server 318 may be configuredto provide for installation and/or execution at a client device, adownloadable component, such as discussed above.

Region Detection Manager (RDM) 320 represents one or more applicationsthat are configured to manage access to protected content on a clientdevice based in part on a region or regions, and possibly based furtheron a motion of the content in relationship to some defined position. RDM320 may operate in conjunction with a downloaded component on the clientdevice, or independent of a downloaded component. In some embodiments,RDM 320 may receive information indicating a location of a clientdevice, and in conjunction with one or more defined regions, determinewhether the client device having protected content is within a definedregion to enable access. When the client device is within the definedregion, and other criteria, such as motion criteria, so allows, then RDM320 may provide decryption keys or other information to the clientdevice usable to enable the client device to unlock and access thecontent. Thus, in some embodiments, determination and directions tounlock content may be performed by RDM 320. However, as noted above, inother embodiments, such determinations may be performed by thedownloaded component and not by RDM 320. Thus, various configurationsmay be used to provide increased flexibility in managing access to theprotected content. In any event, in some embodiments, RDM 320 employs aprocess such as described below in conjunction with FIGS. 4-5 to performat least some of its actions.

The operation of certain aspects of various embodiments will now bedescribed with respect to FIGS. 4-5. FIG. 4 illustrates a flow chart ofone embodiment of a process usable to manage selective access to contentthat is protected based on a relationship of the content to a mobileregion.

Process 400 of FIG. 4 may be performed within a client device, such asthe client devices of FIGS. 1-A and 1-B. However, in other embodiments,process 400 can also be performed by a network device, such as AccessDevice 110 of FIGS. 1-A and 1-B. In still other embodiments, at leastsome of the steps shown in process 400 may be performed in a clientdevice, while other steps might be performed within a network device,such as Access Device 110 of FIGS. 1-A and 1-B.

In any event, prior to or during process 400, a client device receivesprotected content. The client device may receive the protected contentusing any of a variety of mechanisms, including over a network, througha portable non-transitory storage device, or the like. In someembodiments, the protected content may be purchased and thereby licensedfor use outside of a region. However, in other embodiments the protectedcontent may include a license that further restricts the access of thecontent to being within a defined region or regions.

In any event, process 400 begins, after a start block, at block 402,where a mobile region is determined for the protected content. A mobileregion includes any region that is mobile or otherwise movable. Suchregions, as discussed above, include regions that might be associatedwith a moving vehicle, such as a train, bus, car, motorcycle, plane,boat, or the like. In some embodiments, the region is defined as aregion that is in motion. Non-exhaustive examples of a region that is inmotion might include a plane in flight, a boat that is in motion, a car,train, or bus that is traveling a route, or the like. The mobile regionmight include, for example, an interior region of such mobile or movablevehicles. However, other regions may be defined. In some embodiments, aposition within or associated with the vehicle might be used to define adistance from the position that is then used to define the mobileregion. For example, consider a position on a bus, such as a dashboardlocation, overhead position on the roof of the bus, or the like. Thenthe region might be defined as being within a definable distance fromthat position. In some embodiments, the distance from that positionmight asymmetric, such that distances above the position might beexcluded, while distances measured below the position would be included.Other definitions are also useable. Thus, these examples are not to beconstrued as limiting the embodiments. Moreover, in some embodiments,the mobile region is a region that is in motion.

Process 400 then flows to block 404, where a location of the clientdevice is determined, such that it is then determined whether the clientdevice is within the mobile region. Any of a variety of mechanisms maybe used to make such a determination, including use of GPS systems, IRsystems, network signal strengths, or the like.

Moving to decision block 406, a determination is made whether the clientdevice is within the mobile region. For example, a determination can bemade whether the client device is within the region that is in motion.In some embodiments, such determination further includes a determinationwhether the region (and the client device) is in motion or above adefined altitude or the like. If it is determined that the client deviceis within the region, then processing flows to block 410; otherwiseprocessing flows to block 408.

At block 408, when it is determined that the client device is outside ofthe region and/or other definable region criteria (e.g., whether theregion is in motion or the altitude of the region or the like), thenaccess to the protected content by the client device is denied.Processing then flows back to block 404 to continue processing. In someembodiments, processing can flow back to block 402 to enable the regionto be dynamically determined/re-determined.

At block 410, when it is determined that the client device is within theregion and/or other definable region criteria (e.g., whether the regionis in motion or the altitude of the region or the like), then access tothe protected content is selectively allowed. In some embodiments, theaccess might still be denied based on other criteria. For example,should it be determined that an improper attempt to access the protectedcontent is detected, such as hacking, tampering, or the like, then,access might continue to be denied. In some embodiments, such detectionmight include destroying of the protected content, such that furtherattempts to improperly access the content would be futile.

When access is allowed, this might include providing a decryption keyaccess to a module that enable decryption of the protected content. Thedecryption key, in some embodiments might be encrypted based on apublic/private cryptographic key pair, where the decryption key isencrypted with the public key. Access to the private key might berestricted to the module protecting the content, such as RDA 272,discussed above in conjunction with FIG. 2.

Process 400 may then optionally flow to block 412. In some embodiments,block 412 might be excluded, such that processing instead flows back toblock 404 (or 402). In any event, when block 412 is included, then ananalysis is performed to determine whether the mobile region is nolonger in motion. Such evaluation might be performed when the region isa region that is in motion. Moving to decision block 414, when it isdetermined that the region is no longer in motion, then processing flowsto block 408, where access to the protected content is denied.Otherwise, processing loops back to block 404 (or 402).

It should be noted that process 400 may be terminated at any time, basedon detecting an improper attempt to access the content, a purchase of alicense that allows access to the content independent of the region, orother region related criteria.

FIG. 5 illustrates a flow chart of one embodiment of a process usable tomanage selective access to content that is protected based on arelationship of the content to a region and further based on a motion ofthe content relative to the region.

Process 500 of FIG. 5 may be performed within a client device, such asthe client devices of FIGS. 1-A and 1-B. However, in other embodiments,process 500 can also be performed by a network device, such as AccessDevice 110 of FIGS. 1-A and 1-B. In still other embodiments, at leastsome of the steps shown in process 500 may be performed in a clientdevice, while other steps might be performed within a network device,such as Access Device 110 of FIGS. 1-A and 1-B.

In any event, prior to process 500 a client device receives protectedcontent. In some embodiments, the protected content is provided when theclient device is detected to be within a defined region. However, otherregion definitions also are applicable. As discussed above, theprotected content may provided with another component that managesaccess to the protected content.

In some embodiments, the protected content can be received by the clientdevice while outside of the defined region. As discussed above, theprotected content is locked such that access to the protected content isdenied at least until the client device with the protected content isdetermined to be within the region. Thus, for example, a user mightacquire the protected content from one location, but be unable toactually access the content until within the region. However, in someembodiments, a user can purchase, or otherwise acquire, access to theprotected content that is unconstrained by a region.

Thus, process 500 begins at optional decision block 502, where adetermination is made whether unrestricted access to the protectedcontent has been purchased, or otherwise acquired. For example, bycompleting a form, paying for a license, or taking other appropriateactions, a user might acquire a license for use of the protected contentuninhibited by a region. If it is determined that unrestricted accesshas been appropriately acquired, processing flows to block 504;otherwise processing flows to block 506. Decision block 502 may not beapplicable in instances where unrestricted access to the content is notavailable, in which case process 500 can begin at block 506.

At block 504, a license, or other mechanism is used to enable theprotected content to be unlocked, such that access to the protectedcontent is provided to the user uninhibited by a region. Processing thenflows to decision block 524.

At block 506, a location of the client device is determined. In someembodiments, the location is determined by the client device using anyof a variety of techniques. In other embodiments, the location of theclient device is determined by another network device other than theclient device.

Continuing to decision block 508, a determination is then made whetherthe client device's location is within a defined region for theprotected content. If so, then processing flows to block 512; otherwise,processing flows to block 510. Alternatively, in some instances only atwo-dimensional location is determined, particularly in those instancesaccess to content is determined solely on the two-dimensional locationwithout reference to a third dimension (e.g., elevation).

At block 510, access to the protected content is denied. In someembodiments, a message can be displayed to the user indicating thataccess is denied. Processing then flows to decision block 524.

At block 512, a determination is made of a relative motion between theclient device and a defined position. The defined position can be withinthe region, or external to the region. For example, in some embodiments,the defined position might be a same position as Access Device 110.Determining relative motion allows for increased flexibility in managingaccess to the protected content. For example, it might be determinedthat when a user is walking and reading the protected content, there isan increased likelihood that the user might bump into something orsomeone. Therefore, for safety reasons, when it is determined that theuser is moving relative to a defined position, then it might make senseto disable access to the protected content. However, in othersituations, where both the user and the defined position are in motion,access might be allowable. For example, consider where the user is on atrain, bus, in a cab, airplane, or other moving vehicle. In suchsituations, and assuming that the user is not driving the vehicle, thenaccess would be allowable. In still other situations, it might bedetermined that the protected content does not include visual content.For example, the protected content might be a music file, or the like.In such situations, it might be determined that relative motion isacceptable, and therefore access to the protected content is acceptable.Thus, because the protected content, and the defined position, may havediffering motion criteria, a determination is made at block 514 of whatthe relative motion criteria is for the protected content given thedefined position, and/or region.

Flowing next to decision block 516, a determination is made whether therelative motion criteria is satisfied. If so, processing then flows toblock 522; otherwise, processing flows to block 520. At block 520,access is denied to the protected content. Processing continues todecision block 524. At block 522, access is allowed to the protectedcontent, based on the criteria. Processing then flows to decision block524.

At decision block 524, a determination is made whether to continue tomonitor access to the protected content. If monitoring is to continue,then processing branches back to decision block 502; otherwise,processing returns.

It will be understood that each block of the flowchart illustration, andcombinations of blocks in the flowchart illustration, can be implementedby computer program instructions. These program instructions may beprovided to a processor to produce a machine, such that theinstructions, which execute on the processor, create means forimplementing the actions specified in the flowchart block or blocks. Thecomputer program instructions may be executed by a processor to cause aseries of operational steps to be performed by the processor to producea computer-implemented process such that the instructions, which executeon the processor to provide steps for implementing the actions specifiedin the flowchart block or blocks. The computer program instructions mayalso cause at least some of the operational steps shown in the blocks ofthe flowchart to be performed in parallel. Moreover, some of the stepsmay also be performed across more than one processor, such as mightarise in a multi-processor computer system, a cloud system, amulti-server system, or the like. In addition, one or more blocks orcombinations of blocks in the flowchart illustration may also beperformed concurrently with other blocks or combinations of blocks, oreven in a different sequence than illustrated without departing from thescope or spirit of the invention.

Accordingly, blocks of the flowchart illustration support combinationsof means for performing the specified actions, combinations of steps forperforming the specified actions and program instruction means forperforming the specified actions. It will also be understood that eachblock of the flowchart illustration, and combinations of blocks in theflowchart illustration, can be implemented by special purpose hardwarebased systems, which perform the specified actions or steps, orcombinations of special purpose hardware and computer instructions.

As discussed above, the subject innovations are directed towardsallowing high quality content suppliers like magazines, and book shopsto license their content to geographic locations of a business. Anycustomer within range of the location of the business could then beallowed to make free use of the content.

Many shops, cafes, and coffee houses, for example, value returningbusiness. They often want the customer to have a positive experience inthe location and come back with repeat business. When the customer wasin the middle of an interesting piece of content, when they left thelocation, they are likely to feel encouraged to go back or buy thecontent.

Other places like barbers, dentists, doctor's offices, and so forth,where waiting is part of the experience offer free magazines andnewspapers to their customers. The convention is that the newspaper ormagazine is left behind for the next customer. The content supplied thenmight be consumed during the waiting of the service, and madeinaccessible otherwise. Using the subject innovations disclosed herein,locations that might include waiting could offer high quality digitalcontent for free and for use during waiting periods, within a waitingregion.

Similarly, books, music, and software stores could offer full access totheir goods whilst the customer was in the shop or even in a shoppingmall. The user would be able to pick up an e-book for sale in the bookshop and read it in the café next door. When they left the shopping mallthe content would lock again, unless of course they decided to buy it.If the user came back to the shopping mall, they could carry on readingthe book.

Electronic exam papers could also be restricted to access and openedwhen the papers are within a physical exam hall, and lockedotherwise—until ready for grading in a particular location. Trainingmaterial could only be accessed at the training course site. Votingballots can be locked against voting stations.

Content licensed to libraries and schools may also be restricted basedon a geographic region. This would allow the licensors of the content tolower the cost of the content to the library or school. If the contentuser wanted to take the content home with them they would then buy anextended license.

Again, in each of these examples, motion of the content in relationshipto some defined position may be used to further restrict access of thecontent. In this way, a user of the content might be obliged to look upwhile walking, and possibly avoid an accident.

Content usage is not constrained to these examples. For example, awelcome pack might be sent to a user before a visit that has highquality digital content (e.g., audio and video presentations). Thecontent may be downloaded onto the user's client device but can't beplayed. However, when the user arrives at an attraction, the contentbecomes unlocked and can be enjoyed. In some embodiments, the user mightbe allowed to continue to use the content while walking around. However,in other situations, the content might lock while the user moves fromone attraction to another, in which case, the content becomes unlockedagain.

When the user leaves the attraction(s), the content is locked. If theuser wanted to take the content home, they may be allowed to buy anadditional license.

Moreover, in other examples, the content might be an application, suchas a game. For example, a series of content might be downloaded that islocked against locations. The location for the first piece of content isreleased. When the player gets to the location the content is unlockedand gives a clue to a next location. At the next location, the contentis unlocked and so on.

In still another example, a user might be allowed to work on contentwhile inside the office. However, such content might be protected suchthat when the user attempts to take it out of the company's location,such as outside, the content instantly locks. When the user again walksback into the building the content again instantly unlocks. Corporatepolicy could be used to lock files against the office location. Then anyfiles that go outside need to be authorized and exported to a passwordprotected file, or other mechanism appropriate to the corporate policy.

Forms may also be locked based on location. For example, once at alocation, the form can be opened and filled in. Once the user leaves thelocation, the form locks. In this way, a company might ensure that datais entered at a given site, and not when the user goes back to theoffice. Again, the above are meant as examples, and other usages areenvisaged. Thus, these examples do not restrict the subject innovations.

The above specification, examples, and data provide a completedescription of the manufacture and use of the composition of theinvention. Since many embodiments of the invention can be made withoutdeparting from the spirit and scope of the invention, the inventionresides in the claims hereinafter appended.

What is claimed as new and desired to be protected by Letters Patent ofthe United States is:
 1. A client device, comprising: a receivingelement to receive content over a network; and one or more processorsthat perform actions, including: receiving protected content that isprotected so that the protected content is only accessible to deviceswithin a vehicle; obtaining, from an external source, positioninformation so that the client device can determine a present locationof the client device; determining whether the client device is withinthe vehicle, which is currently moving, by determining whether thepresent location of the client device is within a moving accessibilityregion, wherein the accessibility region is defined by a distancerelative to the currently moving vehicle so that the accessibilityregion is not spatially fixed but moves with the currently movingvehicle and is indicative of the client device being within thecurrently moving vehicle; when the client device is outside of theaccessibility region that is moving with the currently moving vehicle,denying access to the protected content by the client device; and whenthe client device is within the accessibility region that is moving withthe currently moving vehicle, selectively allowing access to theprotected content by the client device.
 2. The client device of claim 1,wherein the one or more processors perform actions, further including:detecting that the accessibility region is no longer moving because thevehicle is no longer moving, and in response to such detection, denyingaccess to the protected content.
 3. The client device of claim 1,wherein the one or more processors perform actions, further including:when the client device is within the accessibility region that ismoving, detecting whether the client device or the accessibility regionthat is moving is above a defined altitude, and only when above thedefined altitude, allowing access to the protected content.
 4. Theclient device of claim 1, wherein the protected content includes acomponent that protects the protected content using a public/privatecryptographic key pair.
 5. The client device of claim 1, wherein the oneor more processors that perform actions, including: receiving from anetwork device a decryption key that enables access to the protectedcontent when the client device is within the accessibility region thatis moving.
 6. The client device of claim 1, wherein determining that theclient device is within the accessibility region that is movingcomprises determining that the client device is within the accessibilityregion based on a distance between the client device and a definedposition within the accessibility region that is moving.
 7. The clientdevice of claim 1, wherein the accessibility region that is moving isdefined as a three-dimensional region.
 8. A computer-based method,wherein a plurality of actions are performed by a processor operatingwithin a computing device, the actions comprising: receiving protectedcontent at a client device, wherein the protected content is protectedso that the protected content is only accessible to devices within avehicle; obtaining, at the client device and from an external source,position information so that the client device can determine a presentlocation of the client device; determining whether the client device iswithin the vehicle, which is currently moving, by determining whetherthe present location of the client device is within a movingaccessibility region accessibility region, wherein the accessibilityregion is defined by a distance relative to the currently moving vehicleso that the accessibility region is not spatially fixed but moves withthe currently moving vehicle and is indicative of the client devicebeing within the currently moving vehicle; when the client device isoutside of the accessibility region that is moving with the currentlymoving vehicle, denying access to the protected content by the clientdevice; and when the client device is within the accessibility regionthat is moving with the currently moving vehicle, selectively allowingaccess to the protected content by the client device.
 9. Thecomputer-based method of claim 8, wherein the processor performs actionsfurther comprising: detecting that the accessibility region is no longermoving because the vehicle is no longer moving, and in response, denyingaccess to the protected content.
 10. The computer-based method of claim8, wherein the accessibility region includes a network device usable todefine the accessibility region based on a distance from the networkdevice.
 11. The computer-based method of claim 8, further comprisingdetecting, that the client device or the accessibility region that ismoving is above a defined altitude, and only when above the definedaltitude, allowing access to the protected content.
 12. Thecomputer-based method of claim 8, wherein the protected content isprotected from access using an encryption key.
 13. The computer-basedmethod of claim 8, wherein the processor performs actions furthercomprising: when an improper attempt to access the protected content isdetected, destroying the protected content such that the protectedcontent is no longer accessible.
 14. The computer-based method of claim8, wherein the actions further include: sending a license to the clientdevice that enables extended access to the protected content outside ofthe accessibility region.
 15. The computer-based method of claim 8,wherein the moving vehicle is a train, a boat, a motor vehicle, or anairplane.
 16. An apparatus comprising a non-transitory computer readablemedium, having computer-executable instructions stored thereon, that inresponse to execution by a client device, cause the client device toperform operations, comprising: receiving protected content onto theclient device, wherein the protected content is protected so that theprotected content is only accessible to devices within a vehicle;obtaining, at the client device and from an external source, positioninformation so that the client device can determine a present locationof the client device; determining whether the client device is withinthe vehicle, which is currently moving, by determining whether thepresent location of the client device is within a moving accessibilityregion, wherein the accessibility region is defined by a distancerelative to the currently moving vehicle so that the accessibilityregion is not spatially fixed but moves with the currently movingvehicle and is indicative of the client device being within thecurrently moving vehicle; when the client device is outside of theaccessibility region that is moving with the currently moving vehicle,denying access to the protected content by the client device; and whenthe client device is within the accessibility region that is moving withthe currently moving vehicle, selectively allowing access to theprotected content by the client device.
 17. The apparatus of claim 16,wherein the apparatus performs actions, further including: detectingthat the accessibility region is no longer moving because the vehicle isno longer moving, and in response, denying access to the protectedcontent.
 18. The apparatus of claim 16, further comprising detectingthat the client device or the accessibility region that is moving isabove a defined altitude, and only when above the defined altitude,allowing access to the protected content.
 19. The apparatus of claim 16,wherein receiving the protected content further includes receiving theprotected content over a network or from a portable storage device. 20.The apparatus of claim 16, wherein the accessibility region is definedbased on either a distance between a position within the accessibilityregion and the client device, or based on a three-dimensional boundary.